Baiting is another sibling to phishing. Whereas phishing creates urgency and fear to drive actions baiting uses…well…bait.
A baiter entices the target to give information or visit a poisoned website by offering something of value to the target. It might be free music or movie downloads. It might be an extended trial license of an expensive piece of software. And it doesn’t have to exist solely online.
Commonly known as “baiting USB’s”, one of the more infamous offline baiting techniques comes in the guise of a free USB storage device sprinkled around a work place or some other public space. The user sees a brand new USB in unspoiled packaging and, thinking he just scored a free USB, opens the package and inserts the USB into his PC. Unfortunately, that USB was pre-installed with malware, which is now on the machine, working silently in the background undetected, logging keystrokes, grabbing passwords and otherwise stealing information that could enable identity theft or a cyber heist.
Moral of the story – regularly remind your work colleagues to avoid taking what appear to be innocuous steps to get something free online. And don’t EVER use a USB obtained from an unknown source.